Greetings!
When I installed LinNeighborhood on my laptop, I was expecting only to see two computers. Instead, I saw the entire neighborhood on the other side of my Pac Bell DSL. This is the first time that I have ever run into this situation where I could see computers beyond the two that I have.
I'm using SuSE firewall 2 and SuSE 7.3 on my server with two NICs. I also have Samba running on this machine as well. I want to make sure that no one can come off the internet to access my shares, and I want to block the other computers from being visible in Win/LinNeighborhood. Short of moving my Samba server to a different computer, any idea how I can fix this?
Thanks!
Christopher
Hi Christopher
I am not an expert, but it sounds as though you have port 139 open. However you need to check your exposure from the internet by going to http://www.grc.com and take the links to Shields Up. Then take the 2 tests. The first one will show you if 139 is open to the world. Take also the second to see what else you have open. If you need to close it others here hopefully will be able to tell you.
Regards, David
On Sun, 09 Dec 2001 00:32:22 -0800, Christopher D. Reimer wrote:
Greetings!
When I installed LinNeighborhood on my laptop, I was expecting only to see two computers. Instead, I saw the entire neighborhood on the other side of my Pac Bell DSL. This is the first time that I have ever run into this situation where I could see computers beyond the two that I have.
I'm using SuSE firewall 2 and SuSE 7.3 on my server with two NICs. I also have Samba running on this machine as well. I want to make sure that no one can come off the internet to access my shares, and I want to block the other computers from being visible in Win/LinNeighborhood. Short of moving my Samba server to a different computer, any idea how I can fix this?
Thanks!
Christopher
Regards, David
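As an added example (not part of the original thread), a local counterpart to the outside scan David suggests: it parses listening-socket output in the layout `ss -H -ltun` prints on current Linux systems and reports NetBIOS/SMB ports bound to anything other than the internal LAN. The sample output, the 192.168.1.0/24 LAN and the function names are constructed for illustration.

```python
import ipaddress

# NetBIOS name, datagram and session services, plus direct-hosted SMB.
SMB_PORTS = {137, 138, 139, 445}

# Constructed sample in the column layout of `ss -H -ltun` on a two-NIC server.
SAMPLE = """\
udp UNCONN 0 0   0.0.0.0:137     0.0.0.0:*
udp UNCONN 0 0   0.0.0.0:138     0.0.0.0:*
tcp LISTEN 0 50  0.0.0.0:139     0.0.0.0:*
tcp LISTEN 0 128 192.168.1.1:22  0.0.0.0:*
tcp LISTEN 0 50  192.168.1.1:445 0.0.0.0:*
"""


def parse_listeners(text):
    """Yield (proto, address, port) for every tcp/udp socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        addr = addr.split("%")[0].strip("[]")   # drop %iface and IPv6 brackets
        yield fields[0], "0.0.0.0" if addr == "*" else addr, int(port)


def exposed_smb(text, internal_nets):
    """Return SMB/NetBIOS listeners not confined to the internal networks."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    findings = []
    for proto, addr, port in parse_listeners(text):
        if port not in SMB_PORTS:
            continue
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback:
            continue
        # A wildcard bind answers on every NIC, including the DSL side.
        if ip.is_unspecified or not any(ip in net for net in nets):
            findings.append((proto, addr, port))
    return findings


if __name__ == "__main__":
    # 192.168.1.0/24 as the internal LAN is an assumption of this example.
    for proto, addr, port in exposed_smb(SAMPLE, ["192.168.1.0/24"]):
        print(f"{proto}/{port} listens on {addr}: reachable beyond the LAN unless filtered")
```

A wildcard bind means only the packet filter stands between the DSL side and Samba; Samba's `interfaces` and `bind interfaces only` settings in smb.conf restrict the listeners themselves.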
On Sunday 09 December 2001 12.28, David wrote:
Hi Christopher
I am not an expert, but it sounds as though you have port 139 open. However you need to check your exposure from the internet by going to http://www.grc.com and take the links to Shields Up. Then take the 2
Go to grcsucks.com to see why Gibson should be boycotted. Not only is the site more flash than substance (and very little substance at that), it is also a hacker tool now, allowing anyone to portscan anyone else without fear of detection. All firewalls should block out the grc.com domain.
//Anders
On Monday 10 December 2001 23:08 pm, Anders Johansson wrote:
On Sunday 09 December 2001 12.28, David wrote:
Hi Christopher
I am not an expert, but it sounds as though you have port 139 open. However you need to check your exposure from the internet by going to http://www.grc.com and take the links to Shields Up. Then take the 2
Go to grcsucks.com to see why Gibson should be boycotted. Not only is the site more flash than substance (and very little substance at that), it is also a hacker tool now, allowing anyone to portscan anyone else without fear of detection. All firewalls should block out the grc.com domain.
//Anders
I read the article. Very little substance there, and a lot of fluff and opinion. Someone obviously doesn't like Steve G.
I have no opinion about him and didn't gather enough from the article to even make a judgement.
--
Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 12/10/01 23:34
"In theory, there is no difference between theory and practice,"
"but in practice... there is no similarity between theory and practice."
On Tuesday 11 December 2001 05.35, Bruce Marshall wrote:
I read the article. Very little substance there, and a lot of fluff and opinion. Someone obviously doesn't like Steve G.
I have no opinion about him and didn't gather enough from the article to even make a judgement.
There's more than one article, with some very detailed critique. But even so, the very fact that grc.com is in effect an open relay for portscans is reason enough to block it.
//Anders
You missed the important fact: GRC offers a tool for downloading which supposedly is to allow the user to send his IP address to grc so that the grc port scan won't get confused. The problem is that the 'tool' allows one to send ANY IP address to grc. IF it is bundled with a wrapper which is preset to target a specific site, and then made part of the payload of a viri or trojan, a DoS attack can be mounted at the target site.
That is what everyone means when they say the grc site has become a supplier of cracking tools for crackers.
JLK
On Tuesday 11 December 2001 05:01, phil wrote:
Greetings Anders,
I think that Steve <see quote below> is a very intelligent guy, and although personally I don't really need to use his scanner as I have a shell account, I have used it, and I have told other Windows user folk who are not so fortunate to have a shell, to use his scanner. I get portscanned (with nmap) all the time, is it illegal? While it may be annoying behavior (as we used to say in fidonet), I don't think so, it isn't illegal yet. The only fear here, seems to be the fear spreading as to the evilness of portscanning without detection. And although I agree he (Steve) ought to fix that problem, it really only is a scan, not a hack. You would still need to actually attack the target. (methods of which I won't discuss)
Regarding flash, I see a couple gif files to help make his site look aesthetic. Some cookies, javascript (which can be turned off), yeah it looks like an original plain paper bag wrapper with cheese normal website. (I think I have more flash on my site) What do you want? All 100% text?
Regarding substance, there's quite a bit of content (substance is what I eat for breakfast) on his site, some of his tricks taught me a thing or two. I go there when I can't remember which dll to delete (NT4 or 98? I never can remember and the tips and tricks website has way too much advertising). He goes quite in depth about packet sniffing, and a bit about renaming dll's to shut these damned ports off. You probably didn't bother to visit the news server he set up. But portscanning isn't the only thing he does. He is a reverser (that in itself is amazing), a 32bit asm programmer (are you?), he has given software away for free (have you?). Your argument doesn't hold much water in this light. There is content if you are *looking* for it.
I got a friend that knows him personally, (he lives out in Eldorado Hills, California) and I can tell you (according to my friend) he is one nice guy. You can boycott whoever you want, although I think though that you're missing the whole point, if you really think about it; the underlying problem is with Microsoft's ongoing security problems and their lack of fixing these problems.
In essence, you have your guns pointed at the wrong target. He is just a guy trying to make a living just like anyone else. A lot of folks slammed him when he said XP was going to muck up the web, and frankly I think XP is Vaporware. But that's no reason to attack him, he does have a right, being a US Citizen of freedom of speech, and to try to make a living. The real target ought to be Microsoft, because they have consistently proven they are arrogant, and continuously make security mistakes, and they refuse to acknowledge there even is a problem. If they fixed all these problems, then Steve's site wouldn't do squat.
I will continue to support him by sending unwary unsavvy Windows users his way to check their systems, the good does outweigh the bad in this case. I only hope you actually listen to what I have said, and reconsider your position. I don't think you'd like it if someone started a website called http://anderssucks.com . No I didn't think so. It would be far more productive to ask Anders what the problem is and perhaps give him a solution. Same can be said for GRC. Microsoft on the other hand doesn't play by the legal rules in the first place.
There's too much petty bickering going on, and frankly it's ruining too many businesses already. Is the "new business model plan", to attack other businesses and sue them? Is that what the world has come to now? If that's the case then maybe I ought to just pick up some weapons and ammunition and blow away the first bastard that tries that on me. They'd throw me in jail for murder, but hey the problem would be solved if everyone thought like this.
Or maybe, if someone posts a message on SecurityFocus saying you suck, do all the idiots out there go make a website? Run with the hype. Go with the latest fad. Let's attack the small guy, 'cause he's easier than the big giant, and he won't do anything about it. I hope I have made my point without flaming anyone (including Anders). I really wish folks could get along and show a little respect to one another. I am not a judge, I try not to judge. Facts are facts.
PS. All the original guy in this thread did was suggest someone scan a box, and he suggested grc.com which is a halfway fast and dirty way to get the job done, sure there are others out there, many are (one time use) or (pay only) and they are hard to search and find for a beginner. I don't see any suggestions to an alternative free service. And I am not judging your email either, but I am sticking up for Steve.
regards phil
Go to grcsucks.com to see why Gibson should be boycotted. Not only is the site more flash than substance (and very little substance at that), it is also a hacker tool now, allowing anyone to portscan anyone else without fear of detection. All firewalls should block out the grc.com domain.
//Anders
You're right, I did miss that. Sorry.
On Tuesday 11 December 2001 06:36 am, you wrote:
You missed the important fact: GRC offers a tool for downloading which supposedly is to allow the user to send his IP address to grc so that the grc port scan won't get confused. The problem is that the 'tool' allows one to send ANY IP address to grc. IF it is bundled with a wrapper which is preset to target a specific site, and then made part of the payload of a viri or trojan, a DoS attack can be mounted at the target site.
That is what everyone means when they say the grc site has become a supplier of cracking tools for crackers.
JLK
-- Leave the Constitution Alone. http://members.osb.net/phil
On Tuesday 11 December 2001 12.01, phil wrote:
<snipped most of a huge flame>
position. I don't think you'd like it if someone started a website called http://anderssucks.com . No I didn't think so. It would be far more
I agree that the site is very poorly named. But there really is some very good info and links on that site.
I don't see any suggestions to an alternative free service.
Conceded. I did try to find something, but didn't turn up anything. I guess the security implications of such a tool are difficult to overcome.
//Anders
PS. I did write a more thorough reply to your mail, but decided it would be too OT for the list. If you're interested, I could post it to you off-list.
On Tuesday 11 December 2001 18:24 pm, Anders Johansson wrote:
I don't see any suggestions to an alternative free service.
Conceded. I did try to find something, but didn't turn up anything. I guess the security implications of such a tool are difficult to overcome.
Another (very good) scan site is www.vulnerabilities.org. I used it once and the report generated was very good. (using nessus and nmap)
--
Bruce S. Marshall bmarsh@bmarsh.com Bellaire, MI 12/11/01 19:55
"Put not your trust in money, but put your money in trust."
participants (6)
- Anders Johansson
- Bruce Marshall
- Christopher D. Reimer
- David
- Jerry Kreps
- phil